June 26, 2022

Volume XII, Number 177

Advertisement
Advertisement

June 24, 2022

Subscribe to Latest Legal News and Analysis

Data Breach Class Action Against Radiology Companies Dismissed for Lack of Standing

Last week, New York federal judge Vincent L. Bricetti dismissed a data breach class action against Northeast Radiology PC (northeast) and Alliance HealthCare Services (Alliance) because the plaintiffs failed to allege a cognizable injury.

In July 2021, Jose Aponte II and Lisa Rosenberg filed suit alleging that Northeast and Alliance failed to protect their sensitive health data from unauthorized access. The complaint alleged that more than 1.2 million patients’ medical records were exposed, including more than 60 million X-rays, CT scans, MRIs, medical test results, diagnoses, Social Security numbers, names, and addresses.

According to the complaint, in mid-2019, a third-party forensic firm discovered “major flaws” in the companies’ medical archiving system that exposed patients’ medical records to the general public. The plaintiffs alleged that the companies had inadequate security systems and that they failed to remediate the firm’s findings, which led to unauthorized parties accessing patient information for “at least nine months between April 14, 2019 and January 7, 2020.” However, Judge Bricetti dismissed the complaint based on the lack of standing. Judge Bricetti said the mere potential for exposure of their information did not establish that the plaintiffs were harmed from the incident. Judge Bricetti wrote, “Plaintiffs’ risk of future harm is too speculative to establish standing.” Aponte and Rosenberg were patients at Northeast Radiology, however, Northeast Radiology only confirmed that 29 patients’ information was accessed as a result of this incident and the plaintiffs were not included in that group. Therefore, said Judge Bricetti, the risk of having their data misused was too remote and the complaint warranted dismissal.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 146
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kathryn Rattigan Attorney Cybersecurity Data Privacy
Associate

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

Data Privacy and Cybersecurity Compliance

Kathryn helps clients comply...

401-709-3357
Advertisement
Advertisement
Advertisement